Abuse response [Was: RE: Yahoo Mail Update]
lou at metron.com
Tue Apr 15 18:50:35 UTC 2008
On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
> On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson <fergdawg at netzero.net> wrote:
> > As I mentioned in my presentation at NANOG 42 in San Jose, the
> > biggest barrier we face in shrinking the "time-to-exploit" window
> > with regards to contacting people responsible for assisting in
> > mitigating malicious issues is finding someone to actually
> > respond.
> Fergie.. you (and various others in the "send emails, expect
> takedowns" biz) - phish, IPR violations, whatever.. you're missing a
> huge, obvious point
> If you send manual notificattions (aka email to a crowded abuse queue)
> expect 24 - 72 hours response
> If you have high enough numbers of the stuff to report, do what large
> ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
> loop or some other automated way to send complaints, that is machine
> parseable, and that's sent - by prior agreement - to a specific
> address where the ISP can process it, and quite probably prioritize it
> above all the "j00 hxx0r3d m3 by doing dns lookups!!!!" email.
> That kind of report can be handled within minutes.
Is there an equivalent mechanism for those of us at the fringes of the galaxy to
report problems? What is probably needed for little folks like me is not
instant response but rather an address and formatting specs so that the information
is of maximum usefullness to you and we don't get auto-naks. After all, I can
probably generate a few reports a week, but not hundreds per day.
This work was funded by The Corporation for Public Bad Art despite their
More information about the NANOG